Crackers Set Sights on Submarines

by James Glave

5:02am 24.Apr.98.PDT

The cracker group that claimed earlier this week to have stolen US
Department of Defense networking software is gearing up to release
another suite of sensitive programs.

The group, called Masters of Downloading, or MOD, say that on 1 or 2
May they will release a set of programs used to track and communicate
with submarines.

In an Internet relay chat interview Thursday with Wired News, a
24-year-old Russian member of MOD said the group will release the
submarine programs, "and more after that." He declined to identify
himself and he would not elaborate on what the sub programs actually
do -- stating only that "we have so much more to show you."

[No warning about the unreliable nature of IRC? Any 12 year old
could claim to be with this group, and there would be no way of knowing.
Over time, Glave seems to rely on this type of source more and more.]

"Information warfare is a very genuine threat," said the cracker, who
claimed his group pilfered the networking software from a Windows NT
server at the Defense Information Systems Agency (DISA).

Yesterday, a DISA spokeswoman said that the theft of the software,
called the Defense Information Systems Network Equipment Manager
(DEM), in no way represented a threat to national security.

"There is no national security risk posed by this being in the wrong
hands," said Betsey Flood, who added that the intrusion was being
treated as a "serious matter."

"The software is an unclassified application, it does not contain
classified information, and it does not perform control of classified
systems," said Flood.

But the MOD member said that DISA was playing down the threat.

"The DEM may be unclassified, but the information it can give can lead
to highly classified data being compromised," the cracker said.

"The fact that the DEM software was fully configured makes all the
difference -- we know the servers and networks that it connects to and
we also had a lot of logs and generated reports from when it was run
previously," he said.

To prove his point, he outlined exactly how the configured software
could be exploited.

"We could launch the DEM program using the DISA systems as a trusted
gateway, thus gaining very important router/repeater information about
the DISA," he said.,/p>

"We could then either reconfigure/shut down the equipment, or attempt
to compromise it to change routes through systems we 'own,' then sniff
from the owned DISA boxes," he said, describing a process of setting
an invisible recorder to capture keystrokes or network traffic on a
system.

[This still doesn't describe any REAL threat to controlling
submarines. This is careful wording aimed at hyping the software by
giving vague 'we can do this' type statements.]

But a system administrator with the Department of the Air Force said
that the group's claims are overblown.,/p>

"So what if they stole a copy of the software that the Department of
Defense uses to manage its networks. All that it shows is that the
DOD has to pay millions to software companies for obscure software to
manage its networks instead of buying off-the-shelf software like NT
or Novell," said the sysadmin, who spoke on condition of anonymity.

"If it is just a simple tracking program that says 'this sub is going
out over here,' then it's no big deal.... But if it had operational
information like where the subs were, or where their missiles are
targeted -- then that's something to be concerned about," the
administrator said.

The MOD member said that he had been hacking for almost a decade, that
he didn't worry about being caught, and that, as a hedge, he keeps all
his private information cloaked with powerful 2048-bit encryption.
Further, he said that he was browsing inside US Defense Department
systems during the interview with Wired News.

The hacker confirmed earlier reports that MOD did not have hostile
intentions, and he brushed off earlier comments that the group could
sell the sensitive software.

[Yet in another article, they claimed they could sell this and
other software to international terrorists or hostile foreign powers..]

"We spoke of selling it purely as an option to emphasize the DEM
software's value when fully configured for operation with generated
logs and reports, as the version we have comes with," he said.

"Our goals are to demonstrate the power of 15 or so individuals over
large organizations, through publicizing break-ins and data
retrieved," he said.

In February, US Attorney General Janet Reno announced that she would
ask Congress for US$64 million to fund a new US center for fighting
cybercrime. The National Infrastructure Protection Center would be a
hub for a renewed counterattack on hackers around the world.

"Janet Reno needs to stand back and take a reality check," said the
hacker.

"Any networked system cannot, and will not be entirely secure. It all
depends how much of an element of 'human error' has been in the setup
of the system through naiveté, etc.," he said.

As previously reported, the US Department of Defense says it keeps
top-secret communications on a network called SIPRNET that is
physically disconnected from servers on the Internet.

But MOD says they have found that is not always the case.

"The administrative Naval Space Command systems are on the Internet
and they contain a lot of 'interesting' data regarding weapons and
communications technologies that are to be used by the DOD including
energy weapons specifications," the hacker said.

But the Air Force systems administrator remained unimpressed by the
group's threats of potential cyberwar.

"In the end, what does the theft of this software mean?" asked the
administrator. "In the long run, not much. In the short term, the DOD
will spend a few millions to tighten up computer security even more."

"Does it affect the ability of the US military? Not at all.... even
though the DOD likes to use computers, it's people and firepower that
win wars. Computers only make the use of combat forces more
effective," he said.

Editor's Note: Because of the anonymous nature of IRC, the real-world
identity of the MOD member in this interview could not be confirmed.

[So here is the warning, at the very end of the article. And despite the anonymous nature of IRC,
it will not hinder them from printing this material.]

[ This is getting silly. The DoD leaves their software all over the place
I remember a few years ago when I found an FTP site with a copy of SPI.
SPI is a COPS like program that the DoE wrote and makes available only
to DoE, DoD and their contractors. Search and you will find. - aleph1 ]